WHAT IS CLAIMED IS: 



1 1 . A method for accessing information in an information store in 

2 accordance with an access policy, said method comprising: 

3 receiving an access request comprising a request for a first type of 

4 information, wherein said request for a first type of information has associated therewith first 

5 information contained in said information store; 

6 replacing said request for a first type of information with a modified request 

7 for a first type of information, said modified request being based on said access policy; and 

8 accessing said information store to produce a result in response to said access 

9 request, wherein said modified request produces either a masked value or said first 
1 0 information, based on said access policy. 

C3l 2. The method of claim 1 wherein said modified request includes a mask 

if] 

ft]2 function. 

3. The method of claim 2 wherein said accessing includes executing said 

: (52 mask function to produce either said masked value or said first information. 

Ll 4. The method of claim 1 further including modifying said access request 

y2 to include a filter function, said filter function effective for eliminating portions of said result 

: 3 in accordance with said access policy. 

^1 5. The method of claim 1 wherein said information store is a relational 

2 database and said request for a first type of information comprises a SELECT statement, said 

3 SELECT statement comprising one or more column references, said modified request 

4 comprising a replacement of at least one of said one or more column references with a mask 

5 function. 

1 6. The method of claim 1 wherein said information store is a relational 

2 database and said access request includes a WHERE clause, said result comprising one or 

3 more rows of information, said method further including incorporating a filter function in 

4 said WHERE clause to remove certain rows contained in said result, based on said access 

5 policy. 
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1 7. In a relational database, a method for accessing information in 

2 accordance with an access policy, said method comprising: 

3 providing at least one query comprising a SELECT statement, said SELECT 

4 statement comprising one or more column references; 

5 replacing at least one of said one or more column references with a mask 

6 function to produce a modified query; and 

7 producing a query result in response to said modified query comprising one or 

8 more rows of information; 

9 wherein said query result includes, for said at least one of said one or more 

10 column references, either mask values or information from said relational database, based on 

1 1 said access policy. 

C3l 8. The method of claim 7 wherein said at least one query further 

102 comprises a WHERE clause, said method further including modifying said WHERE clause to 

.13 produce a modified WHERE clause which includes a filter function, said filter function 

ffH producing one of two logical values, said modified WHERE clause effective for deleting a 

□5 row from said query result based on a value produced by said filter function. 

Hi 9. The method of claim 7 wherein said relational database in provided in 

|fU2 a database server; said step of providing includes receiving said at least one query at a client 

'~~-~~3 system; and said step of producing includes transmitting said modified query to said database 

|5 *4 server. 

1 10. The method of claim 9 wherein said step of replacing is performed at 

2 said client system. 

1 11. The method of claim 9 wherein said step of replacing is performed at 

2 said database server. 

1 12. A computer-based information retrieval system comprising: 

2 computer memory having computer readable program code embodied therein 

3 for accessing an information store in accordance with an access policy, said computer 

4 readable program code comprising: 
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5 first code configured to receive an access request for a first type of 

6 information, wherein said request for a first type of information has associated therewith first 

7 information; 

8 second code configured to replace said request for a first type of 

9 information with a modified request for a first type of information, said modified request 

10 being based on said access policy; and 

1 1 third code configured to access said information store to produce a 

12 result in response to said access request, wherein said modified request produces either a 

13 masked value or said first information, based on said access policy. 

1 13. The system of claim 1 2 further including fourth code configured to 

2 modify said access request to include a filter function, said filter function effective for 
::! 3 eliminating portions of said result in accordance with said access policy. 

fil 14. The system of claim 12 further including a relational database and said 

ml request for a first type of information comprises a SELECT statement, said SELECT 

3 statement comprising one or more column references, said modified request comprising a 
fc34 replacement of at least one of said one or more column references with a mask function. 

l^l 15. The system of claim 1 2 further including a relational database and said 

fife access request includes a WHERE clause, said result comprising one or more rows of 

j ^3 information, said second code further configured to incorporate a filter function in said 

■ "4 WHERE clause to remove certain rows contained in said result, based on said access policy. 

1 16. The system of claim 12 further including a client computer system and 

2 a server computer system, said client computer system comprising a portion of said computer 

3 memory embodying said first and second codes, said server computer system comprising 

4 another portion of said computer memory embodying said third code. 

1 17. The system of claim 12 wherein said database server is a relational 

2 database server, said request for a first type of information comprises a SELECT statement, 

3 said SELECT statement comprising one or more column references, said modified request 

4 comprising a replacement of at least one of said one or more column references with a mask 

5 function. 
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1 18. The system of claim 17 wherein said third code includes mask 

2 function. 

1 19. The system of claim 1 6 wherein said database server is a relational 

2 database server, said access request includes a WHERE clause, said result comprising one or 

3 more rows of information, said second code further configured to incorporate a filter function 

4 in said WHERE clause to remove certain rows contained in said result, based on said access 

5 policy. 

1 20. The system of claim 19 wherein said third code includes mask 

2 function. 
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